Hi all,
I recently set up an OpenSearch cluster and configured security. When trying to configure auditing, I ran into some issues. Here are the options I applied in my opensearch.yml
file.
plugins.security.audit.type: internal_opensearch
plugins.security.audit.enable_rest: true
plugins.security.audit.enable_transport: true
plugins.security.audit.ignore_users:
- admin
- kibanaserver
plugins.security.audit.config.index: "'os-sirt-qa-auditlog-'YYYYMM"
When starting up the cluster, it seems like three of these above are not being recognized as valid settings; those three are:
plugins.security.audit.enable_rest
plugins.security.audit.enable_transport
plugins.security.audit.ignore_users
Interestingly these settings are mentioned in the official docs so they should be good I would think.
Below is the full stacktrace:
[2021-12-14T19:40:24,375][ERROR][o.o.b.Bootstrap ] [os_sirt1] Exception
java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.ignore_users] did you mean [plugins.security.audit.config.username]?
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:589) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:500) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:470) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.SettingsModule.<init>(SettingsModule.java:161) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:463) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.main(Command.java:101) [opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101) [opensearch-1.2.0.jar:1.2.0]
Suppressed: java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.enable_transport] did you mean [opendistro_security.audit.enable_transport]?
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:589) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:500) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:470) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.SettingsModule.<init>(SettingsModule.java:161) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:463) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.main(Command.java:101) [opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101) [opensearch-1.2.0.jar:1.2.0]
Suppressed: java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.enable_rest] did you mean any of [opendistro_security.audit.enable_rest, plugins.security.audit.config.enable_ssl, plugins.security.audit.type]?
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:589) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:500) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:470) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.SettingsModule.<init>(SettingsModule.java:161) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:463) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) [opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.main(Command.java:101) [opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135) [opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101) [opensearch-1.2.0.jar:1.2.0]
[2021-12-14T19:40:24,383][ERROR][o.o.b.OpenSearchUncaughtExceptionHandler] [os_sirt1] uncaught exception in thread [main]
org.opensearch.bootstrap.StartupException: java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.ignore_users] did you mean [plugins.security.audit.config.username]?
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:182) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.main(Command.java:101) ~[opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101) ~[opensearch-1.2.0.jar:1.2.0]
Caused by: java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.ignore_users] did you mean [plugins.security.audit.config.username]?
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:589) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:500) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:470) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.SettingsModule.<init>(SettingsModule.java:161) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:463) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) ~[opensearch-1.2.0.jar:1.2.0]
... 6 more
Suppressed: java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.enable_transport] did you mean [opendistro_security.audit.enable_transport]?
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:589) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:500) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:470) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.SettingsModule.<init>(SettingsModule.java:161) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:463) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.main(Command.java:101) ~[opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101) ~[opensearch-1.2.0.jar:1.2.0]
Suppressed: java.lang.IllegalArgumentException: unknown setting [plugins.security.audit.enable_rest] did you mean any of [opendistro_security.audit.enable_rest, plugins.security.audit.config.enable_ssl, plugins.security.audit.type]?
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:589) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:530) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:500) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:470) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.common.settings.SettingsModule.<init>(SettingsModule.java:161) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:463) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) ~[opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.cli.Command.main(Command.java:101) ~[opensearch-cli-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135) ~[opensearch-1.2.0.jar:1.2.0]
at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101) ~[opensearch-1.2.0.jar:1.2.0]